Integrating amavisd-new Into Postfix For Spam- And Virus-Scanning

Version 1.0
Author: Falko Timme
Last edited 03/08/2007

This article shows how to integrate amavisd-new into a Postfix mail server for spam- and virus-scanning.
amavisd-new is a high-performance interface between MTAs such as Postfix and content checkers: virus scanners, and/or SpamAssassin. We will use ClamAV for virus scanning and SpamAssassin for spam scanning in this tutorial.

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

1 Preliminary Note

In this tutorial I will describe how to install/configure amavisd-new on Debian Etch/Ubuntu 6.10 Edgy Eft (the steps are identical for both distributions) and on Debian Sarge. The amavisd-new configuration is suitable for systems where system users are used for email accounts; if you use virtual users, a few modifications to the amavisd-new configuration might or might not be required (but that depends on the actual setup). If you use virtual email users, take a look at these two tutorials:

amavisd-new works like this: Postfix receives an email on port 25, passes it to amavisd-new on port 10024 which then invokes ClamAV and SpamAssassin, and afterwards amavisd-new re-injects the mail into Postfix on port 10025 which then finally delivers the mail (if it's clean). Here's a small layout of the process:

I assume that Postfix and your email accounts are already set up and working as I don't cover Postfix installation/configuration here.

All steps in this tutorial are done as root, so make sure you're logged in as root.

2 Debian Etch/Ubuntu 6.10 Edgy Eft

First we install amavisd-new, SpamAssassin, and ClamAV together with a few other programs (mainly programs that amavisd-new needs to unpack archives, because emails can contain archives as attachments):

Afterwards we must configure amavisd-new. The configuration is split up in various files which reside in the /etc/amavis/conf.d directory. Take a look at each of them to become familiar with the configuration. Most settings are fine, however we must modify two files:

First we must enable ClamAV and SpamAssassin in /etc/amavis/conf.d/15-content_filter_mode by uncommenting the @bypass_virus_checks_maps and the @bypass_spam_checks_maps lines:

And then you should take a look at the spam settings and the actions for spam-/virus-mails in /etc/amavis/conf.d/20-debian_defaults. There's no need to change anything if the default settings are ok for you. The file contains many explanations so there's no need to explain the settings here:

Next we must edit the configuration file of the Freshclam daemon (that's the daemon that regularly and automatically fetches the newest virus signatures from a ClamAV mirror) because it contains a small bug. Open /etc/clamav/freshclam.conf and modify the NotifyClamd line as shown below:

vi /etc/clamav/freshclam.conf

[...]
NotifyClamd /etc/clamav/clamd.conf
[...]

Then restart Freshclam (make sure no other Freshclam process (maybe of another ClamAV installation) is running because then our Freshclam will fail to start):

/etc/init.d/clamav-freshclam restart

Now we have to configure Postfix to pipe incoming email through amavisd-new:

If you like you can now add Razor, Pyzor, and DCC to SpamAssassin to improve its filtering performance. Razor, Pyzor and DCC are spamfilters that use a collaborative filtering network. To install them, run

apt-get install razor pyzor dcc-client

Now we have to tell SpamAssassin to use these three programs. Edit /etc/spamassassin/local.cf and add the following lines to it:

That's it already. Now watch your mail log (/var/log/mail.log) to see if amavisd-new is working properly. amavisd-new will log whenever it finds a spam or virus email. When you (re)start amavisd-new it should also log that it loads its spam and virus scanning code (if not, you probably did something wrong).

1 Comment(s)

Comments

at first I want to say this is a very nice howto. I just would like to add one note, that can save to someone a lot of time and pain.

The version of Clamav in Debian Etch default repository is quite old (0.90.1) and it takes VERY long time while clamd starts up and creates the socket file. It can take 15 minutes or even more while the CPU is 99% loaded.

So it is more than useful to install Clamav from the Debian volatile project repository. It saves a lot of stress:)